0Pricing
C# Academy · Lesson

Secrets Management

Store secrets safely using .NET User Secrets in development and Azure Key Vault or environment variables in production.

Secrets Are Not Config

Passwords, API keys, connection strings, and JWT signing keys must never be stored in appsettings.json or committed to source control. .NET provides several purpose-built mechanisms for secrets management.

User Secrets (Development)

User Secrets store development secrets outside the project directory in a machine-local file. They are loaded automatically in the Development environment and never travel with the source code.

# Initialize (adds UserSecretsId to .csproj):
dotnet user-secrets init

# Set secrets:
dotnet user-secrets set "Database:Password" "dev-pass-123"
dotnet user-secrets set "Jwt:SigningKey" "dev-jwt-key-abc"
dotnet user-secrets set "OpenAI:ApiKey" "sk-..."

# List / remove:
dotnet user-secrets list
dotnet user-secrets remove "OpenAI:ApiKey"

# Stored at:
# macOS/Linux: ~/.microsoft/usersecrets/{id}/secrets.json
# Windows:     %APPDATA%\Microsoft\UserSecrets\{id}\secrets.json

All lessons in this course

  1. Configuration Sources & Providers
  2. Strongly Typed Options with IOptions
  3. Options Validation & Named Options
  4. Secrets Management
← Back to C# Academy